[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: source sharing group



On 29Jan2008 10:25, Martin Marques <martin marquesminen com ar> wrote:
> Cameron Simpson escribió:
>> Not really. Anyone can use a VCS. Why should they need to be in a particular
>> group? That is a policy decision for your particular system.  Example: at my
>> workplace there are SVN and CVS repositories with _different_ groups to
>> constrain access to particular project groups.
>
> You mean that all the other groups that a normal Fedora Server/Workstation 
> has are always needed?

Most are for running daemons or constraining access to a resource (eg
tape). Since the daemon exists, or the resource exists, a group is
needed.

But Mercurical is just a set of tools - you can and often do run it
as a client with no server.

> What group should /var/cvs or /var/lib/cvs have?

Shrug. The former is owned by root here, but it is NOT where we put our
CVS repositories.

If there isn't a group, make one called "cvs" or (much better)
"my-org-developer-group" - not that literally, but maybe something like
"foodev" or "foosrc" if you work for "foo.com".

This has the advantage that it is outside the vendor group name space
(by sheer probability, nothing more rigourous), unlikely to collide with
some other package's "vendor" group name.

And for an official thing (official-for-you, not official-for-fedora),
I wouldn't put the repository in /var at all.  We tend to use "normally
backed up places" for that, like /home/cvs or /app/cvs etc. Again, _out_
of the vendor filename space.

>> For your system you may well have a single group who uses the VCS, and
>> then you need only one group. But you don't really need a group at all
>> (for example, I have a few mercurial repositories at home wholly for me
>> - no group is involved at all).
>
> Well, actually I was trying to build a centralized mercurial repository to 
> share with hgweb, and I stumbled when looking for a group to use.

"src" may well be just fine. But I'd make a more personalised one
myself.

> BTW, a /var/lib/hg directory wouldn't hurt to have after installing 
> mercurial. If you want to have a centralized copy to share, you know where 
> to put it (in a standardized mode), else, it's just an empty directory 
> laying there.

Maybe. But I know I would not use it myself.

>> So a VCS shouldn't impose a group on the system. Make the group
>> yourself, and set your own policy as you see fit.
>
> Why not have a standard group for this?

For the reasons above: you may not want just one. Overprovision of unused
groups tends to make things harder for people, not easier, because of
the chances of collision with a preexisting group.

Imagine you've got a "src" group already from your existing systems,
in use across you LAN via NFS with a particular GID. Now you install
a new Fedora system, and install Mercurial and suppose it ships with a
"src" group. If your install happens before integration with the other
systems (we tend to install standalone and then run a "join the LAN"
customisation script) then it will likely have a different GID from the
other systems. And now you have a problem. This happens to us all the
time as we have many machines from different vendors of different ages.
We have evolved work practices to deal with it, but the problem is real.

I'm not saying your suggestion is ridiculous. I'm saying it's not
needed, strictly speaking. They may well be _reasonable_, and I wouldn't
say it would be a bad thing.

Cheers,
-- 
Cameron Simpson <cs zip com au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Tachyon: A gluon that's not completely dry.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]